Monthly Archives: December 2020

Judge: UK students’ suit on fee refunds from COVID semester can proceed, but not tuition

Source: -- Education

Article note: This'll be fun.

A lawsuit seeking tuition and fee refunds for University of Kentucky students enrolled during the spring 2020 semester was allowed by a judge to partially go forward on Wednesday. University … Click to Continue »

Posted in News | Leave a comment

Apple loses copyright claims in lawsuit against Corellium

Source: OSNews

Article note: That is a surprising win. Excellent, but surprising.

Corellium, a mobile device company that supports iOS, this week won a significant victory in its legal battle against Apple. Apple last year sued Corellium for copyright infringement because the Corellium software is designed to replicate iOS to allow security researchers to locate bugs and security flaws.

According to The Washington Post, a Florida judge threw out Apple’s claims that Corellium had violated copyright law with its software. The judge said that Corellium successfully demonstrated that it operates under fair use terms.

A very unlikely victory, considering the massive financial means difference between these two companies. A good one, though – this was just the world’s largest corporation being annoyed a small upstart made their products look bad by giving security researchers the tools they need to find bugs and security flaws in iOS.

Being annoyed your forced Uighur-labour brand might get tarnished should not be grounds for a legal case.

Posted in News | Leave a comment

FAA finally sets rules for piloting small drones

Source: Ars Technica

Article note: Not the _most_ obnoxious version of proposed regulation, but it's definitely more conservative than seems like a reasonable compromise to me. If the sub-regulation weight were more like 1Kg I'd find it less obnoxious, but regulating racing drones and other similar hobby stuff and delivery drones under the same regime is just giving the airspace to the big commercial players. Also, I think this might be a major problem for anyone who flies longer-range fixed-wing RC?
FAA finally sets rules for piloting small drones

Enlarge (credit: Bruce Bennett/Getty Images)

After months of uncertainty, corporations and hobbyists alike finally have a set of drone guidelines from the Federal Aviation Administration. The final rules are a step back from some proposed restrictions, as they will allow flights over crowds and some nighttime operations. But all drones weighing over 0.25kg (0.55lb) will need to have a unique Remote ID, as will smaller drones that are flown over crowds.

One proposal that didn't make the final cut would have required Remote ID to connect over the Internet to a location-tracking database so drone operations could be monitored in real time by the FAA (and law enforcement). The FAA believes that Remote ID, which will locally transmit the location of both drone and "control stations," meets the needs of national security and law enforcement.

"These final rules carefully address safety, security and privacy concerns while advancing opportunities for innovation and utilization of drone technology," said US Secretary of Transportation Elaine L. Chao in a press release.

Read 5 remaining paragraphs | Comments

Posted in News | Leave a comment

ATT services down due to bombing in Nashville

Source: Hacker News

Article note: The fact that they managed a targeted attack that knocked out the voip/pots connection point for a whole region is really fascinating. Will be very interesting to hear what the motive was.
Posted in News | Leave a comment

What comes after Git?

Source: Hacker News

Article note: Something that handles binary assets vaguely competently without extensions? Something that doesn't have a hugely complicated exposed model largely unrelated to its use case that you must understand for it to not be a foot cannon? Something whose common-use workflow isn't deeply tied to one third-party commercial vendor?
Posted in News | Leave a comment

“How Amazon Wins: By Steamrolling Rivals and Partners”

Source: adafruit industries blog

Article note: Sleazy.

Adafruit 2019 4655

How Amazon Wins: By Steamrolling Rivals and Partners

At its height about a decade ago, Pirate Trading LLC was selling more than $3.5 million a year of its Ravelli-brand camera tripods—one of its bestselling products—on Amazon, said owner Dalen Thomas.

In 2011, Amazon began launching its own versions of six of Pirate Trading’s top-selling tripods under its AmazonBasics label, he said. Mr. Thomas ordered one of the Amazon tripods and found it had the same components and shared Pirate Trading’s design. For its AmazonBasics products, Amazon used the same manufacturer that Pirate Trading had used.

Several Amazon sellers said they have received notifications from Amazon, which has been battling fraud and fake goods on its platform, that say their products are used or counterfeit. Amazon suspends their selling accounts until they can prove that the products are legitimate, which can cause big sellers to lose tens of thousands of dollars each day, they said.

To turn their accounts back on, Amazon often requests that the sellers provide details on who manufactures their product along with invoices from the manufacturer so that Amazon can verify authenticity. Several sellers told the Journal they provided those details to Amazon to get their accounts reinstated, only for Amazon to introduce its own version of their products using the same manufacturer.

Read more.

Posted in News | Leave a comment

Xfce 4.16

Source: Hacker News

Article note: I always appreciate XFCE, it was my default from 4.0 in 2003 for about 16 years because it's so simple and consistent. I've been transitioning to mostly KDE for the last couple years because the whole GTK ecosystem is being contaminated with the Gnome3 asthetic-I-hate (why is the toolbar buried 3 clicks deep in a hamburger menu? Why is this awful, wide CSD hiding my window controls and padding out my precious display height?) and KDE's sluggishness and ram hunger have improved dramatically in the same timeframe.
Posted in News | Leave a comment

More on the SolarWinds Breach

Source: Schneier on Security

Article note: Maximum shitshow. SolarWinds had _everyone_ as customers and was negligently chickenshit, as security vendors usually are because, for the most part, added-on security products are theater for executives. Government compromised. Major tech companies compromised. State actors involved.

The New York Times has more details.

About 18,000 private and government users downloaded a Russian tainted software update –­ a Trojan horse of sorts ­– that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.

Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. While the presence of the software is not by itself evidence that each network was compromised and information was stolen, investigators spent Monday trying to understand the extent of the damage in what could be a significant loss of American data to a foreign attacker.

It’s unlikely that the SVR (a successor to the KGB) penetrated all of those networks. But it is likely that they penetrated many of the important ones. And that they have buried themselves into those networks, giving them persistent access even if this vulnerability is patched. This is a massive intelligence coup for the Russians and failure for the Americans, even if no classified networks were touched.

Meanwhile, CISA has directed everyone to remove SolarWinds from their networks. This is (1) too late to matter, and (2) likely to take many months to complete. Probably the right answer, though.

This is almost too stupid to believe:

In one previously unreported issue, multiple criminals have offered to sell access to SolarWinds’ computers through underground forums, according to two researchers who separately had access to those forums.

One of those offering claimed access over the Exploit forum in 2017 was known as “fxmsp” and is wanted by the FBI “for involvement in several high-profile incidents,” said Mark Arena, chief executive of cybercrime intelligence firm Intel471. Arena informed his company’s clients, which include U.S. law enforcement agencies.

Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”

“This could have been done by any attacker, easily,” Kumar said.

Neither the password nor the stolen access is considered the most likely source of the current intrusion, researchers said.

That last sentence is important, yes. But the sloppy security practice is likely not an isolated incident, and speaks to the overall lack of security culture at the company.

And I noticed that SolarWinds has removed its customer page, presumably as part of its damage control efforts. I quoted from it. Did anyone save a copy?

EDITED TO ADD: Both the Wayback Machine and Brian Krebs have saved the SolarWinds customer page.

Posted in News | Leave a comment

Google committed “antitrust evils,” colluded with Facebook, new lawsuit says

Source: Ars Technica

Article note: Popcorn time! It's going to drag on _foerver_. I'd like to see a solid shit-kicking at least on the "Colluding with Facebook in the adtech market" point.
A large Google logo is displayed amidst foliage.

Enlarge (credit: Sean Gallup | Getty Images)

Two separate coalitions of states have filed massive antitrust lawsuits against Google in the past 24 hours, alleging that the company abuses its extensive power to force would-be competitors out of the marketplace and harms consumers in the process.

Texas Attorney General Ken Paxton spearheaded the first suit, which nine other states also signed onto. The second suit is led by Colorado Attorney General Phil Weiser and Nebraska Attorney General Doug Peterson, and an additional 36 states and territories signed on.

Antitrust law isn't just about a company being an illegal monopoly or even about being the dominant firm in its market sector. Although being a literal monopoly, with no available competition of any kind, can put you on the fast track to investigation, the law has broader concerns. Primarily, antitrust investigations are about anticompetitive behavior—in short, how a company uses its power. If you're a big company because everyone likes your stuff best, well, you're a big company, congratulations. But if you got to be the dominant company by cheating somehow—strong-arming other firms in the supply chain; targeting anticompetitive acquisitions; colluding with other firms to manipulate market conditions, and so on—that's a problem.

Read 21 remaining paragraphs | Comments

Posted in News | Leave a comment

Facebook Is a Doomsday Machine

Source: Hacker News

Article note: Facebook freaks me out, but the tempo and volume of "The _WRONG PEOPLE_ are organizing!" articles lately is also getting distressing. Mostly from people from populations who previously made large gains in their social power by organizing on the Internet.
Posted in News | Leave a comment